CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It’s popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.

But you needn’t be a victim. There’s plenty that Windows 10 users can do to protect themselves against it. In this article, I’ll show you how to keep yourself safe, including how to use an anti-ransomware tool built into the Windows 10 Fall Creators Update (version 1709), the major update to Windows 10 released in October 2017.

(Administrators, see "What IT needs to know about ransomware and Windows 10" at the end of this article.)

Note that this article assumes that you’re already taking the basic precautions against malware in general, including running anti-malware software and never downloading attachments or clicking links in email from unknown senders and suspicious-looking email.

Use Controlled Folder Access in the Fall Creators Update

Microsoft is concerned enough about ransomware that it built an easy-to-configure anti-ransomware tool directly into the Windows 10 Fall Creators Update. Controlled Folder Access protects you by letting only safe and fully vetted applications access your files. Unknown applications or known malware threats aren’t allowed through.

By default, the feature is not turned on, so if you want to protect yourself against ransomware, you’ll have to tell it to get to work. And you can customize exactly how it works by adding new applications to its whitelist of programs that can access files, and adding new folders in addition to the ones that it protects by default.